Data Protection News Roundup – 24th September 2019

The Data Guardians Managing Director and lead consultant Matthew Lamb is a Certified Cyber Risk Management Practitioner. Get in touch with us to ask about how we can help you with your GDPR and Data Protection Act compliance.


Who’s getting it wrong?

The ICO has fined a Swansea double-glazing company £150,000 for making nuisance calls over an 11 month period. Read more here.


Other News

According to figures released via a Freedom of Information request 60% of 4,856 personal data breaches reported to the ICO between 1 January and 20 June 2019 were the result of human error. Of those incidents, 43% were the result of incorrect disclosure, with 20% posting or faxing data to the incorrect recipient. Meanwhile, 18% were attributed to emailing information to incorrect recipients or failing to use BCC, and 5% were caused by providing data in a response to a phishing attack. Read more here.

WannaCry remains “rampant” more than two years after wreaking havoc on the NHS and other critical industries, a new paper has found. A report published by British data protection firm Sophos discovered 4.3 million WannaCry infection attempts in August 2019 alone. Read more here.

NHS Digital has launched a campaign to raise staff awareness around basic cyber security. The Keep I.T. Confidential campaign aims to educate staff across the NHS on common-sense IT security practice and the impact of data and cyber security on patient safety. Read more here.

The EU’s top court has ruled that Google does not have to apply the right to be forgotten globally. It means the firm only needs to remove links from its search results in Europe – and not elsewhere – after receiving an appropriate request. The ruling stems from a dispute between Google and a French privacy regulator. In 2015, CNIL ordered the firm to globally remove search result listings to pages containing damaging or false information about a person. The following year, Google introduced a geoblocking feature that prevents European users from being able to see delisted links. But it resisted censoring search results for people in other parts of the world. And the firm challenged a €100 fine that CNIL had tried to impose. Google had argued that the obligation could be abused by authoritarian governments trying to cover up human rights abuses were it to be applied outside of Europe. Read more here.

A woman says her son’s school banned the use of children’s surnames on textbooks, in order to comply with GDPR regulations. Her son is being called ‘Harry2’ to differentiate between him and another boy with the same first name. The Rochdale school believes using surnames on textbooks would fall foul of GDPR regulations, if the books were to be taken out of the classroom during parent’s evenings. However, Harry’s mum says she has gone to the ICO and has been told that the policy is ‘not necessary’. Read more here.


Don’t miss another news roundup, subscribe to our mailing list and receive a monthly email with essential data protection news and insights. Subscribe here.

Leave a reply

You must be logged in to post a comment.